diff --git a/codebuild/bin/install_al2_dependencies.sh b/codebuild/bin/install_al2_dependencies.sh index 056b3e3b212..55bdf6c3e31 100755 --- a/codebuild/bin/install_al2_dependencies.sh +++ b/codebuild/bin/install_al2_dependencies.sh @@ -26,9 +26,6 @@ base_packages() { # We don't use NodeJS, so just remove it. yum erase -y nodejs || true yum update -y - # The default openssl-devel on AL2 is openssl-1.0. - # We replace it with openssl-1.1 later in the build process. - yum erase -y openssl-devel || true yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm || true yum install amazon-linux-extras @@ -59,5 +56,15 @@ symlink_all_the_things() { base_packages mono yum groupinstall -y "Development tools" -yum install -y clang cmake3 iproute net-tools nettle-devel nettle openssl11-static openssl11-libs openssl11-devel which sudo psmisc python3-pip tcpdump unzip zlib-devel libtool ninja-build valgrind wget which +yum install -y clang cmake3 iproute net-tools nettle-devel nettle which sudo psmisc +yum install -y python3-pip tcpdump unzip zlib-devel libtool ninja-build valgrind wget symlink_all_the_things + +case "$S2N_LIBCRYPTO" in + "openssl-1.1.1") + yum erase -y openssl-devel || true + yum install -y openssl11-static openssl11-libs openssl11-devel + ;; + "default") echo "Using default system libcrypto";; + *) echo "Unknown libcrypto: ${S2N_LIBCRYPTO}"; exit 1;; +esac diff --git a/codebuild/bin/s2n_codebuild_al2.sh b/codebuild/bin/s2n_codebuild_al2.sh index 03124898c36..d2686621a8d 100755 --- a/codebuild/bin/s2n_codebuild_al2.sh +++ b/codebuild/bin/s2n_codebuild_al2.sh @@ -16,6 +16,7 @@ set -e source codebuild/bin/s2n_setup_env.sh + # Use prlimit to set the memlock limit to unlimited for linux. OSX is unlimited by default # Codebuild Containers aren't allowing prlimit changes (and aren't being caught with the usual cgroup check) if [[ "$OS_NAME" == "linux" && -n "$CODEBUILD_BUILD_ARN" ]]; then @@ -30,11 +31,12 @@ fi # Linker flags are a workaround for openssl case "$TESTS" in - "unit") cmake . -Bbuild -DCMAKE_EXE_LINKER_FLAGS="-lcrypto -lz" -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -D${CMAKE_PQ_OPTION} -DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True - cmake --build ./build -j $(nproc) - cmake --build ./build --target test -- ARGS="-L unit --output-on-failure" - ;; - *) echo "Unknown test" - exit 1;; + "unit") + cmake . -Bbuild -DCMAKE_EXE_LINKER_FLAGS="-lcrypto -lz" -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ + -D${CMAKE_PQ_OPTION} -DS2N_BLOCK_NONPORTABLE_OPTIMIZATIONS=True + cmake --build ./build -j $(nproc) + cmake --build ./build --target test -- ARGS="-L unit --output-on-failure" + ;; + *) echo "Unknown test"; exit 1;; esac diff --git a/codebuild/bin/s2n_setup_env.sh b/codebuild/bin/s2n_setup_env.sh index aa9c97bfac4..c0d3593b326 100755 --- a/codebuild/bin/s2n_setup_env.sh +++ b/codebuild/bin/s2n_setup_env.sh @@ -151,9 +151,11 @@ fi if [[ "$S2N_LIBCRYPTO" == "libressl" ]]; then export LIBCRYPTO_ROOT=$LIBRESSL_INSTALL_DIR ; fi -# Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests -# have the "libcrypto-root" directory path hardcoded. -rm -rf libcrypto-root && ln -s "$LIBCRYPTO_ROOT" libcrypto-root +if [[ -n "${LIBCRYPTO_ROOT:-}" ]]; then + # Create a link to the selected libcrypto. This shouldn't be needed when LIBCRYPTO_ROOT is set, but some tests + # have the "libcrypto-root" directory path hardcoded. + rm -rf libcrypto-root && ln -s "$LIBCRYPTO_ROOT" libcrypto-root +fi # Set the libfuzzer to use for fuzz tests export LIBFUZZER_ROOT=$LIBFUZZER_INSTALL_DIR @@ -219,11 +221,10 @@ set_cc echo "UID=$UID" echo "OS_NAME=$OS_NAME" echo "S2N_LIBCRYPTO=$S2N_LIBCRYPTO" -echo "LIBCRYPTO_ROOT=$LIBCRYPTO_ROOT" +echo "LIBCRYPTO_ROOT=${LIBCRYPTO_ROOT:-}" echo "BUILD_S2N=$BUILD_S2N" echo "GCC_VERSION=$GCC_VERSION" echo "LATEST_CLANG=$LATEST_CLANG" echo "TESTS=$TESTS" echo "PATH=$PATH" echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" - diff --git a/tests/unit/s2n_build_test.c b/tests/unit/s2n_build_test.c index f043cca62e7..7e707954df4 100644 --- a/tests/unit/s2n_build_test.c +++ b/tests/unit/s2n_build_test.c @@ -65,6 +65,10 @@ int main() return 0; } + if (strcmp(s2n_libcrypto, "default") == 0) { + END_TEST(); + } + char s2n_libcrypto_copy[100] = { 0 }; strncpy(s2n_libcrypto_copy, s2n_libcrypto, 99); char *name = NULL;